USN-218-1: netpbm vulnerabilities

22 November 2005

netpbm-free vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Two buffer overflows were discovered in the ‘pnmtopng’ tool, which were triggered by processing an image with exactly 256 colors when using the -alpha option (CVE-2005-3662) or by processing a text file with very long lines when using the -text option (CVE-2005-3632).

A remote attacker could exploit these to execute arbitrary code by tricking an user or an automated system into processing a specially crafted PNM file with pnmtopng.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
netpbm
Ubuntu 5.04
netpbm
Ubuntu 4.10
netpbm

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References